WSUS Group Policy permissions

Status
Not open for further replies.

Callahan

Technical User
Nov 21, 2001
174
GB
Ok, here's the current structure of my AD. I have 3 OUs, one called Desktops, one called Laptops and one called Users. Each contains what you'd expect them to contain. I have a WSUS server up and running on the network. I have configured the Desktop OU and the Laptop OU with a Group Policy to point them to the WSUS server and all the extra configuration options have been set.
I have assigned the permissions of 'Read' and 'Apply Group Policy' to the 'Domain Computers' group and also to the 'Everyone' Group.
When users log onto their desktops or laptops, despite the machines being short of up to 30 patches, they are not downloaded. If I log on locally to a desktop or laptop as a local admin, the updates are downloaded and when I select 'Shutdown' I am prompted to 'Install updates and shut down' which is the way I've configured it to work through the Group Policy.
Now, here's the odd part. If I go to a machine that isn't updating and do a Windows Update from the MS site I find that the machine is missing the latest version of Windows Installer (V3.1), the KB898461 update and the Genuine Advantage Validation Tool, all of which you need to install before Windows Update will work. Once I install these, restart the machine and log back on as a normal user, the machine contacts the WSUS server and all the updates download as they should and I am prompted to 'Install updates and shutdown' when I try to shutdown Windows.

So, 2 questions...
1). Am I going to have to visit each machine and install these 3 updates before WSUS will work?
2). Can I (should I) remove the Everyone group and use Authenticated Users or Domain Users instead?

Thanks for your help.
 
Ok. In the Group Policy there are two locations where you have to configure Automatic Updates: the Automatic Updates section, which it seems you have configured, and the service. Did you make sure that the service is either automatic or manual in the GPO?


Gladys Rodriguez
GlobalStrata Solutions
Computer Repair, Website Design and Computer Consultant
Small Business Resources
 
I'm not sure that you can configure services in GP. Although I have written a script that forces the Windows Update service to start and the BITS service to start in a startup script through GP. The script then runs a wuauclt.exe /detectnow to ensure that the machines register with the WSUS server. The updates work fine as logging on as a local admin first and upgrading the 3 updates mentioned above causes the Automatic Update process to work fine when the user logs on.

Completely at a loss (and not looking forward to manually patching hundreds of machines before WSUS works!)...
 

Ok. Now I understand better your problem. I have never run into that one but I work mostly in SMS instead of just WSUS. I will see if I can find something ...

Another option is to have a script run that goes to every machine and does the install using an admin account.


Gladys Rodriguez
GlobalStrata Solutions
Computer Repair, Website Design and Computer Consultant
Small Business Resources
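
A diagnostic variant of the startup script described in this thread, as an added example that is not part of any post. It assumes PowerShell is installed on the clients and that the script runs as a computer startup script with administrative rights; the log path is a hypothetical choice, and the script does not check for KB898461 or the validation tool.

```powershell
# Added example (not from the thread). Assumes PowerShell is present on the
# client and the script runs with administrative rights (GPO startup script).
$log = Join-Path $env:SystemRoot 'Temp\wsus-client-check.log'   # hypothetical path
$findings = @()

# 1. Has the WSUS policy reached this machine? Applied policy shows up here.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
if (-not $wu -or -not $wu.WUServer) { $findings += 'WUServer not set: GPO not applied to this computer' }
if (-not $au -or $au.UseWUServer -ne 1) { $findings += 'UseWUServer is not 1: client will not use WSUS' }

# 2. Are the Automatic Updates and BITS services usable? Start them if stopped.
foreach ($name in 'wuauserv', 'BITS') {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) { $findings += "$name service not found"; continue }
    if ($svc.StartMode -eq 'Disabled') { $findings += "$name is disabled"; continue }
    if ($svc.State -ne 'Running') {
        try { Start-Service -Name $name -ErrorAction Stop }
        catch { $findings += "$name failed to start: $($_.Exception.Message)" }
    }
}

# 3. Windows Installer 3.1 prerequisite from the thread: check msi.dll version.
$msi = (Get-Item (Join-Path $env:SystemRoot 'System32\msi.dll')).VersionInfo
$msiVersion = [version]"$($msi.FileMajorPart).$($msi.FileMinorPart)"
if ($msiVersion -lt [version]'3.1') {
    $findings += "Windows Installer is $msiVersion, older than 3.1"
}

# 4. Only ask for detection when nothing blocks it; always leave a log line.
if ($findings.Count -eq 0) {
    & (Join-Path $env:SystemRoot 'System32\wuauclt.exe') /detectnow
    $findings = @('OK: detection requested')
}
$stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
$findings | ForEach-Object { "$stamp $env:COMPUTERNAME $_" } | Add-Content -Path $log
```

The log separates the three failure modes raised in the thread: policy not applied to the computer object, services unavailable, and a missing Windows Installer prerequisite.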
 